Rev 1512 → Rev 1513

/alcasar.sh
591,6 → 591,11
echo "ip_conntrack_ftp" >> /etc/modprobe.preload
# load ipt_NETFLOW module
echo "ipt_NETFLOW" >> /etc/modprobe.preload
# modify iptables service files (start with "alcasar-iptables.sh" and stop with flush)
[ -e /lib/systemd/system/iptables.service.default ] || cp /lib/systemd/system/iptables.service /lib/systemd/system/iptables.service.default
$SED 's/ExecStart=\/usr\/libexec\/iptables.init start/ExecStart=\/usr\/local\/bin\/alcasar-iptables.sh/' /lib/systemd/system/iptables.service
[ -e /usr/libexec/iptables.init.default ] || cp /usr/libexec/iptables.init /usr/libexec/iptables.init.default
$SED "s?\[ -f \$IPTABLE_CONFIG \] .*?#&?" /usr/libexec/iptables.init # comment the test in order the stop function run (fluxh all rules & policies)
#
# the script "$DIR_DEST_BIN/alcasar-iptables.sh" is launched at the end in order to allow update via ssh
} # End of network ()
1563,9 → 1568,6
##########################################################
BL ()
{
# modify iptables boot file to start alcasar-iptables.sh when the system is booting
[ -e /lib/systemd/system/iptables.service.default ] || cp /lib/systemd/system/iptables.service /lib/systemd/system/iptables.service.default
$SED 's/ExecStart=\/usr\/libexec\/iptables.init start/ExecStart=\/usr\/local\/bin\/alcasar-iptables.sh/' /lib/systemd/system/iptables.service
# copy and extract toulouse BL
rm -rf $DIR_DG/lists/blacklists
tar zxf $DIR_CONF/blacklists.tar.gz --directory=$DIR_DG/lists/ > /dev/null 2>&1
1608,7 → 1610,6
if [ "$mode" != "update" ]; then
$DIR_DEST_SBIN/alcasar-bl.sh --adapt
$DIR_DEST_SBIN/alcasar-bl.sh --cat_choice
# !!! we can be banned by DNS server (waiting for a cool solution $DIR_DEST_SBIN/alcasar-bl.sh --ip_retrieving
fi
}
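Review bot: In the first hunk (the lines under "modify iptables service files" in network()), both `$SED` edits appear to rewrite package-owned files in place, and nothing checks that either substitution matched. If the distribution's `iptables.service` or `iptables.init` is worded differently, the host would presumably boot with the stock rule loader instead of `alcasar-iptables.sh`, and the install would continue silently. A check after the edit would make that visible, for example `grep -q 'ExecStart=/usr/local/bin/alcasar-iptables.sh' /lib/systemd/system/iptables.service || echo "iptables.service was not patched" >&2`; a later iptables package update would also restore the original unit, which a drop-in under `/etc/systemd/system/iptables.service.d/` avoids. The second edit deserves a comment on what `stop` leaves behind: with the `[ -f $IPTABLE_CONFIG ]` test commented out, stopping the service flushes all rules and policies, and whether the gateway then defaults to ACCEPT depends on `iptables.init`, which is not visible here. network() starts outside the hunk.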